Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multi arch image builds #45
Multi arch image builds #45
Changes from 1 commit
39ff519
2f61d91
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/binaries/manifests and kubectl plugins/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What does this give you if you're running on
master
?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It gives it as
refs/heads/master
whereas when it's pushed tov1
, it gives it as1
.https://github.com/RealHarshThakur/hierarchical-namespaces/runs/2753272153?check_suite_focus=true#step:8:11
https://github.com/RealHarshThakur/hierarchical-namespaces/runs/2753141639?check_suite_focus=true
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This means that we'll repeatedly overwrite the same tag, right? I'm not a huge fan of that, especially on the branches. Can we append the commit hash, e.g. something like
hnc_manager:master-0a1b2c-multiarch
for the master branch, andhnc_manager:0.9-3d4e5f-multiarch
for the branches?For the tags, it's probably ok to just have the tag name, e.g.
hnc_manager:0.9.0-multiarch
. We'll never build the same tag twice - if we need to do a release candidate, we'll include that in the tag name in Git (e.g.0.9.0-rc1
) and if we need to make a change to an existing tag, we'll just create a new one instead (e.g.0.9.1
).There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could also not push image for master branch. Only when a release is made and a branch is created, we create an image for it. We can have a separate image tag for Github Actions, just hope it doesn't confuse the end users. WDYT?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This applies to the release branches as well. It's only Git tags that only get built once.
I'd prefer if we could append some unique prefix onto each build that comes from a branch (and not a tag). Failing that, can we say
-latest
on it so people know not to rely on it being constant?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: I suggest doing a
+{date}
to the tag as these are automatic builds. A 'real' release should likely only be retagging an intermediate build into the proper version. At least that would be my suggestion, especially since our release include more than just an image build. It also includes docs, kustomization files, and soon to be helm charts.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@RealHarshThakur I'm not seeing the date in the tab above, am I missing someething?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rjbez17 added it here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that sets the Docker tag so that it includes the date, but
RELEASE_TAG
(which I'm guessing is the Github release tag) still includes only the branch name, correct? E.g., I'd prefer for this to be something like:In other words, line up the
RELEASE_TAG
and the Docker tags as closely as possible.@RealHarshThakur if I've misinterpreted please feel free to remove the hold. We can always clean it up later anyway.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you say anything about what this service account needs to be able to do? E.g., it must have permission to push to
gcr.io/k8s-staging-multitenancy
? If that's the requirement, how did you test this - by pushing to some different GCR repo?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I used the
Default compute service account
as shown in this blog and yes, I tested with a different repo.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah. That's bad advice, the default compute service account is terrible and generally shouldn't be used :D But there was no way for you to know that! I take it that the account was in the same GCP project as the repo you used to test?
Maybe just add the comment that we think the requirement for the service accounts it that it can push to the required registry (sorry, "registry" not "repo") but that we're not certain. We'll find out soon enough!